HP-UX AAA Server A.08.00.01 Administrator's Guide
SQLAction RetrieveToken {
    {
        input
            RAD(User-Id, REPLY) DBP(userid, 253, CHAR)
        output
            DBR(100:*) RET(RETRIEVE_ERROR)
            DBR(-1:*) RET(ERROR)
            DBC(serial_number, 128, CHAR) RAD(Otp-Token-Serial-Number, REPLY)
            DBC(token_status, 128, CHAR) FUNC(AAATokenStatusCheck)
            DBC(seq_counter, 38, CHAR) RAD(HOtp-Seq-Counter, REPLY)
            DBC(shared_secret, 128, CHAR) FUNC(AAASetConvertedHexToBinaryString)
            DBR(0:0) RET(RETRIEVE_SUCCESS)
            DBR(*:*) RET(RETRIEVE_ERROR)
        SQLStatement db_oci {
            SELECT serial_number, token_status,
                   seq_counter, shared_secret
            FROM RAD_TOKENS_TABLE
            WHERE user_name=:userid
        }
    }
}
In this example, the Otp-Token-Length attribute has been added in the last row. If
you are using the RetrieveUserAndToken SQL action, make similar changes there to
configure OTP attributes at the user level.
NOTE: The corresponding values for the attributes configured in the
sqlaccess.config file must be stored in the user profile and in RAD_TOKENS_TABLE
in the database.
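The following added example (not HP-UX AAA Server code and not from this guide) shows how the columns retrieved above feed an OATH HOTP check as defined in RFC 4226: the hex shared secret is converted to a binary key and the stored sequence counter drives the HMAC. The function names, the "ACTIVE" status value, the look-ahead window, and the sample row are assumptions; the `digits` parameter stands in for the configured token length.

```python
import hashlib
import hmac
import struct

# Constructed row using the column names from the SELECT above; the values
# (including the "ACTIVE" status string) are assumptions for illustration.
SAMPLE_ROW = {
    "serial_number": "TOKEN-0001",
    "token_status": "ACTIVE",
    "seq_counter": "3",  # stored as CHAR in the mapping above
    "shared_secret": "3132333435363738393031323334353637383930",  # RFC 4226 test key, hex
}


def hotp(key: bytes, counter: int, digits: int = 6) -> str:
    """RFC 4226: HMAC-SHA-1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(key, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % 10 ** digits).zfill(digits)


def validate_otp(row: dict, submitted: str, digits: int = 6, window: int = 3):
    """Return (accepted, counter_to_store). window is a hypothetical resync look-ahead."""
    if row["token_status"] != "ACTIVE":
        return False, None  # token not usable: reject before touching the secret
    try:
        key = bytes.fromhex(row["shared_secret"])  # hex text -> binary key
        counter = int(row["seq_counter"])
    except ValueError:
        return False, None  # malformed secret or counter in the database
    if not key or counter < 0 or counter + window >= 2 ** 64:
        return False, None
    for c in range(counter, counter + window + 1):
        if hmac.compare_digest(hotp(key, c, digits).encode(), submitted.encode()):
            return True, c + 1  # persist c + 1 so the same OTP cannot be replayed
    return False, counter  # no match: stored counter stays unchanged


if __name__ == "__main__":
    print(validate_otp(SAMPLE_ROW, "969429"))  # OTP for counter 3 with the test key
```

Values older than the stored counter are never tried, so an OTP that was already accepted fails once the advanced counter has been written back.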
Advanced Deployment Scenarios
This section documents the procedures for configuring OTP and two-factor
authentication in the following deployment scenarios:
• “Validating OTP Alone” (page 195)
• “Configuring Two-Factor Authentication” (page 197)
    — “If User and Token Information is in Different SQL Database Tables” (page 197)
    — “If User and Token Information is in the Same SQL Database Table” (page 199)
    — “If User and Token Information is in Different Databases” (page 202)
• “OTP or Password Validation at External RADIUS Server” (page 205)
    — “Validating Password on the Local Server and Forwarding OTP to Another RADIUS Server” (page 205)
    — “Validating OTP on the Local Server and Forwarding Password to Another RADIUS Server” (page 209)
    — “Forwarding OTP and Password to Another RADIUS Server for Validation” (page 212)
194 OATH Standards-Based OTP Authentication